ClawHub

Asana mcp

Manage Asana tasks, projects, portfolios, goals, and team workspaces via Asana's hosted MCP server (https://mcp.asana.com/v2/mcp). Use when the user asks about Asana tasks, projects, portfolios, goals, assignees, or team workspaces.

Audits

Pass
ClawScanPass

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install maverick-asana-mcp-2

Asana

Quick start

Always invoke through bash {baseDir}/scripts/invoke.sh — never call mcporter directly. The wrapper seeds the OAuth vault from the env-supplied tokens when needed, then calls mcporter.

bash {baseDir}/scripts/invoke.sh call maverick-asana.get_me
bash {baseDir}/scripts/invoke.sh call maverick-asana.search_tasks text="launch"
bash {baseDir}/scripts/invoke.sh call maverick-asana.get_projects

For structured output (also surfaces transport errors as JSON envelopes — workaround for mcporter #153):

bash {baseDir}/scripts/invoke.sh call --output json maverick-asana.search_tasks text="launch" | jq '.result.content'

Discover available tools and schemas:

bash {baseDir}/scripts/invoke.sh list maverick-asana --schema

Safety

Write operations (create_task, update_task, add_task_to_project, assignments, due dates, comments, project changes, and completion changes) modify Asana work visible to the connected workspace. Confirm clear user intent before invoking write tools — read and search tools are safe to call freely while exploring. Resolve names to GIDs, read the current task or project state before modifying it, and use opt_fields to keep responses small.

Authentication

Tokens are provisioned and rotated automatically. If a call returns HTTP 401 that doesn't recover within a few seconds, the OAuth grant has been revoked — re-authorize the integration to refresh credentials.

Data flow

Tool calls travel to Asana's hosted MCP service at https://mcp.asana.com/v2/mcp over HTTPS, authenticated via OAuth. Asana sees the task, project, portfolio, and workspace data referenced by each call. Use this skill for Asana-related work only; do not pass unrelated sensitive content through these tools.

Dependencies

  • mcporter (github.com/steipete/mcporter) — MCP CLI used to invoke Asana's hosted MCP server. Auto-installed via npm install -g --ignore-scripts mcporter if missing on PATH (see install spec in frontmatter). The install spec uses unpinned mcporter (npm latest); operators with strict supply-chain controls should override the install to pin a specific version (e.g. mcporter@<version>).
  • jq (stedolan.github.io/jq) — JSON processor used by the vault initializer. System dependency; install via your OS package manager (apt install jq, brew install jq, etc.).
  • flock (part of util-linux) — file locking used to serialize concurrent vault writes. Available by default on Linux; on macOS install via brew install flock.
  • shasum (Perl, ships with Digest::SHA) — computes the SHA-256 hashes used to derive the mcporter vault key and the provisioned-token marker. Preinstalled on macOS and on Debian/Ubuntu (incl. the deployed cloudflare/sandbox Ubuntu 22.04 image); on minimal Linux images install perl-Digest-SHA. The script invokes shasum -a 256 rather than GNU sha256sum so it runs on stock macOS without coreutils.